ExoIS and Semafone Integration De-scopes any Environment From PCI Compliance

Semafone, the global leader in secure voice payments, is pleased to announce the appointment of ExoIS as a major reseller, OEM and hosting partner in North America.

ExoIS provides PeepSafe, a Level 1 compliant portal for descoping any organization from PCI DSS compliance, and is a leading US provider of information security and compliance services and products. PeepSafe is a cost-effective secure portal environment for encrypted email, fax and voice messages, online storage and the safe processing of cardholder data. The two companies will integrate their technologies in order to offer best in class technologies for PCI Level 1 compliant services in a hosted portal environment.

UK-based Semafone‘s solution works by allowing the customer to enter payment card data via their telephone keypad instead of speaking it over the phone. The software masks this data, meaning that sensitive information is not held on the organization’s systems, thereby removing them from the scope of PCI DSS. The customer and the contact center agent can continue their conversation while data is entered, so any problems such as mis-keyed numbers can be dealt with as they occur and calls are less likely to be abandoned.

Semafone’s patented and award winning technology solution not only allows the voice call to continue as normal while the customer enters their credit card information, but also the call recording. For complete security, Semafone masks the DTMF (Dual Tone Multi-Frequency) tones from the cardholder’s telephone and replaces them with a flat tone so they can neither be recognized by the merchant employee nor recorded on the call recording system.

By ensuring all card data remains segregated and by removing Sensitive Authentication Data (SAD) before it hits the call recorder and the organization’s infrastructure, Semafone ensures that the voice component is taken out of the scope of PCI DSS and protected against the risk of opportunistic agent fraud and its associated reputational damage.

PeepSafe is Software as a Service (SaaS) suite of applications that allow organizations which store, process or transmit cardholder information to de-scope internal functions and contain personal data securely within a hosted portal. PeepSafe sits between the consumer, the merchant system and the payment gateway, enabling PCI-compliance by ensuring that cardholder data remains within a secure portal and cannot enter or re-enter an organization’s corporate network. This solution can enable merchants, depending on the services selected, to reduce their PCI footprint down to an SAQ A with practically no impact on existing systems and processes.

The joint solutions can support any tokenization technology, can interact with any payment gateway and de-scope Level 1 to Level 4 environments.

We are very excited to integrate the Semafone technology into our suite of de-scoping
solutions.

We are jointly able to de-scope any environment performing any processing, storage or transmission of cardholder data, whether card present or card not present, practically seamlessly to the customer. We believe this offering will be of great interest to merchants and service providers alike to reduce the risks associated with the storage of on-site data. We hope
new and existing Semafone customers will be able to benefit from this extensive range of combined services.

– Ruth Xovox, Chief Compliance Strategist at ExoIS and former PCI Board of Advisors member

We are thrilled to have ExoIS as a reseller and OEM partner. The ExoIS team offers broad, deep expertise in PCI compliance solutions and has the right experience to help merchants to cut the costs of compliance while reducing risk and improving the contact center service they offer their customers.

– Stu Carty, EVP The Americas, Semafone